Whole Disk Encryption
Project Status — December 7, 2016
Deployments are under way, and progress is being made. Users who have been scheduled for Whole Disk Encryption will receive notices on the Monday before their deployment is to take place. We held a presentation and question/answer event on November 3rd and December 1st to answer any questions users might have. If you were not able to attend and would like to view the presentation, you can view a recording here. Meanwhile, if you are an employee, please contact your TSP or System Administrator with any questions. If you are a student, please contact the Student Technology Center.
Whole Disk Encryption
Encrypting your computer is one of the most effective ways to protect the information stored on your hard drive. If your computer stores or processes high risk data (see Standards: Data Classifications), encrypting your hard drive is a necessary step to ensure the security of any data in case of loss or theft of your device. High risk data should only be stored on approved ITS servers under UI policies and standards; however, to protect any incidental data that may accidentally reside on your local system, WDE is an essential best practice.
Sophos SafeGuard has been chosen to manage the built-in encryption technologies for both Windows and Mac desktop and laptop computers, and once installed will seamlessly encrypt all data stored on your hard drive(s). This information is safe while the computer is shut down and requires a password before the information can be accessed again. If your device is ever lost or stolen, ITS can verify that the device was encrypted and that your information cannot be accessed by any third party.
The University of Idaho requires computers which process high risk data be encrypted using WDE.
What it Can Do
- Protect all data if your computer is lost or stolen
- Protect data from unauthorized users attempting to break in to your physical device
What it Cannot Do
- Encrypt e-mail
- Encrypt files moved to the network (i.e. S: or U: drive), or a USB/flash drive
- Protect data stolen by malware or someone with your password
- Information stored on computers encrypted with WDE cannot be accessed by unauthorized users
- Information can be recovered from the system with the assistance of ITS in the event that the pre-boot authentication passphrase is lost or forgotten
- Encryption can be deployed consistently across both Windows and Mac computers
Windows 7 SP 1 and newer supported versions of Windows
- At least 1 GB of RAM (Not all of this is needed by WDE)
- System must be joined to the Active Directory Domain: Follow these instructions
- System must have the System Center Configuration Manager client installed. You may need assistance from your TSP or SysAd as an employee, or the Student Technology Center as a student.
- Systems using Windows 7 must be equipped with a Security Chip (TPM)
Mac OS X 10.9 and newer
- At least 2 GB of RAM (Not all of this is needed by WDE)
If you need help with pre-boot authentication or require additional assistance, submit a request to your TSP or System Administrator if you're an employee. If you are a student, please contact the Student Technology Center.